CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-29016

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0110%
EPSS Percentile7.59th
Published2021年1月14日
Last Modified2024年11月21日

Vulnerability Description

A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.

Affected Platforms (CPE)

📦
Fortinet

Fortiweb

< 6.2.4
📦
Fortinet

Fortiweb

>= 6.3.0 and <= 6.3.5

References & Advisories

🔗 https://www.fortiguard.com/psirt/FG-IR-20-125
🔗 https://www.fortiguard.com/psirt/FG-IR-20-125

相關漏洞威脅

CVE-2021-427569.8

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, ...

CVE-2026-248589.8

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 ...

CVE-2020-290159.8

A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated,...

CVE-2025-597199.8

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiW...